How Many of Your Users Set “Do Not Track”?

You may have seen the “Do Not Track” option in your browser — perhaps you even have it set to “On” yourself, but do you know how many of your users have it set?

“Do Not Track” is a simple HTTP request header that identifies a user’s desire not to be tracked, in the form of an on/off switch sent via the “DNT” header.

Firefox DNT preference

Firefox DNT preference

If a user would like to be “not tracked”, they click the option in their browser and then all requests they make to any site will start getting an additional header “DNT: 1”.

This header can also be 0 or just not set, indicating either opting in to being tracked or not expressing a preference respectively. Since the “yes I do want to be tracked”, and the “I express no preference” headers effectively mean the same thing and are implemented differently by different browsers for our purposes here it is really just an on/off option.

This option has been supported by most browsers since 2011 (Chrome in 2012), and seems like a brilliantly simply way to convey a message to the sites we visit. Unfortunately, it’s been an option that just doesn’t do much. Chrome for example gives you a long warning when you turn on this option basically indicating it’s not going to do anything. Their help page is particularly blunt:

Does Chrome provide details of which websites and web services respect Do Not Track requests and how they interpret them?

No. At this time, most web services, including Google’s, do not alter their behavior or change their services upon receiving Do Not Track requests.

Bummer, so it doesn’t work? Sadly the answer is pretty much a yes. As an end user if you want to stop sites from tracking you, clicking that option isn’t going to do that much. There are some major sites that have made commitments to honor these requests, including Pinterest & Twitter (a list is available from, but honestly if you want to not be tracked/profiled by sites and especially the 3rd party trackers, tag managers & ad networks then you’re much better off to use something like Ghostery or the EFF’s Privacy Badger.

Effectiveness aside (for now), what I wanted was an easy way to see was how many of my own site’s users were trying to tell me they didn’t want to be tracked.

Existing Benchmarks provided the best up-to-date numbers I could find as a benchmark. Here are their numbers across all browsers:

Average % with DNT set (from

So a benchmark right about 15%.

These numbers are based on sites that use the CookieQ EU cookie-compliance system, so this data is presumably largely gathered from EU users. You might expect the EU numbers to skew higher than the US based on a perception of increased concern about privacy (and that appears true vs. overall world averages), however according to Mozilla’s DNT Dashboard tracker, the US is at about the same levels as most of Western Europe when comparing DNT in Firefox Desktop (US: 12.9%, FR: 12.8%, DE: 12.6, UK: 12.5%), and higher than the rest of Europe.

DNT for Firefox Per Country

DNT for Firefox Per Country (from Mozilla’s DNT Dashboard)

The overall world average using Firefox is 8.2% as of Sept. 2014.

So how is the average from Baycloud (15%) so much higher than from Mozilla (8%)? Geography aside, the answer is that IE 10 & 11 default to having DNT set to on. I find this to be a bad idea for multiple reasons, but for our purposes here of trying to figure out your users’ preferences it makes data from those browsers useless since most users will not change the defaults.

Testing for Ourselves

Now that we’ve got some benchmarks, let’s figure out how to look at what our own users want.

The easiest & most useful way to track this (for me at least) is within Google Analytics.

The steps are:
1. Setup a custom dimension in your GA called DNT.
2. Read users’ DNT setting with either JS or from the HTTP header directly, then set the GA dimension variable with that value.
3. Reports! Exclude IE 10 & 11 from your reporting since they don’t represent active user choice.

1. Setup Custom Dimension

I set up a custom dimension named DNT, so not only can I see how many users have their DNT preference set, but so I can see what kind of users they might be vs. our site averages (like in terms of engagement, geography, etc.). I definitely recognize the irony here of using GA tracking to track our DNT users, but this is all in the service of research ultimately trying to better reflect their wishes, right?


Under “Admin : Property : Custom Definitions : Custom Dimensions”

Note this is for Google Analytics Universal. More instructions on custom dimensions from Google here.

2. Get the browser setting

So we need to get their DNT setting, which is a little more annoying than you might think. Here’s the basic JS:

Which in my testing covers most browsers other than IE8. IE8 uses a separate function, but I’m ok with ignoring IE8 if you are. Agreed? Agreed.

The long if statement is a little silly in that what we’re after is just a simple HTTP header, but different browsers expose that setting to the JavaScript in different ways. Microsoft has an overview here.

Because the standard is based on an HTTP header, this is more simply gathered from the server side, but I’m assuming JS as you may be more easily able to deploy it via a tag manager. If you did want to grab this on the server-side just pull the header directly. E.g. in PHP: $_SERVER[‘HTTP_DNT’]. You can’t grab the header directly in the JavaScript because even if you had the request object (like by doing an AJAX request), the DNT header is not provided via getResponseHeader.

In any case the next step is we need to stick it into GA (easy):

Yea, really that’s it. Just make sure to do that before you do your call to send a tracking event (like a pageview call), so in context it might look like:

Then you’ll have that custom dimension available in your GA reports!

3. Reporting

Test Site DNT Percentage

Test Site DNT Percentage: 17%  DNT on

You probably already know what to do with this step, just use your new custom dimension as you would any other dimension. I created a custom report with DNT as the primary metric, you can import that here:
Custom Report:

Then you can apply a segment to exclude those versions of IE we don’t want. You can import mine here:
Non-IE Segment:

My Results

For the test site I ran this on, I found my base DNT % to be much higher than the Baycloud benchmarks.

All Users
DNT on 31%
DNT off 69%

This is at least partially due to our test site’s IE browser share. StatCounter reports IE’s European market share as 11.9%, vs. our test site was 30.2% IE. This is likely because my test site is mostly US traffic (25% share from the same StatCounter reports), and also that its traffic skews more desktop-based.

That’s a lot of YMMV-type talk, but that’s the point of this experiment… to see how much your site user’s DNT preferences vary from the benchmarks.

Still, we need to take out the IE 10 & 11 traffic because it defaults to DNT: on. As we all know, users won’t generally change preferences, so we need to exclude those users where this setting doesn’t represent an active user choice.

Excluding IE 8, 10, 11
DNT on 17%
DNT off 83%

This is closer to our benchmarks, but still considerably higher. The same holds true when we segment as close to a benchmark as we can get, US Desktop Firefox vs. benchmark US Desktop Firefox (21% test vs. 12.9% benchmark).

This indicates that not only are a decent percentage of our test site’s users interested in not being tracked in general (17%), but they seem to be more interested than is typical. This corresponds with my expected result based on the subject matter of the site, so yay! I also found that the average pages/session of a DNT user was higher than a non-DNT user, so not only was there a lot of them, but they were quality users.

What do we do with this data?

In reading about DNT, a lot of people describe it as a failure because it doesn’t actually do much for the user at this time. Adoption has not been wide and giants like Google, Yahoo, etc. have not been that supportive, which is understandable considering their business models. Yahoo for example first globally supported DNT in 2012, then pulled this support in April 2014, then added it back (but only for Firefox!) as part of the default FF search change announced in November 2014.

It is true that DNT is not well supported, or even defined what “supported” would mean — but I’d also argue it is a big victory to have an easy-to-use preference in almost all browsers that sends a simple signal to websites about their preferences. While that option is still around, we should be trying to learn what users are telling us (as site owners) and then listening to what they are asking for.

I’d suggest thinking of this as a feature request. If 20% of your users are making a feature request (in this case, not to be tracked) then we are doing them a disservice by ignoring that request.

How that feature request is implemented is up to each individual site, just like any other feature request. For example, turning off the logging of a web request (as suggested at is not really feasible or realistic for most sites, but automatically disabling tailored suggestions for DNT users (as Twitter did) is a good idea and something that users will actively notice.

For many sites the biggest amounts of tracking are from 3rd party services like web analytics, ad networks, tag managers, etc. Some do support DNT, but many don’t. So what can you do? Maybe you could consider opting-out DNT users by never passing them to those services that don’t support DNT?

For example — many sites run retargeting ads on their site delivered by a network that doesn’t support DNT. If you wanted to automatically opt-out DNT users from those ads you could use the DNT JS settings above and fire an ad tag from a campaign that explicitly excluded retargeting ads.

What you choose to do with this data is up to you, though ultimately I do believe that respecting DNT is in the industry’s interest in general. Without it we have: fragmented opt-outs (AdChoices x 10), user-side mass blocking that hurts sites (ABP, ghostery, etc.), and the worry of more problematic laws like the EU “cookie law” aimed at tracking methods.